Content 0.1.69

@github-actions github-actions released this 02 Aug 09:59
· 3766 commits to master since this release
cf12119

Important Highlights

  • Introduce a JSON build manifest (#10761)
  • Introduce a script to compare ComplianceAsCode versions (#10768)
  • Introduce CCN profiles for RHEL9 (#10860)
  • Map rules to components (#10609)
  • products/anolis23: supports Anolis OS 23 (#10548)
  • Render components to HTML (#10709)
  • Store rendered control files (#10656)
  • Test and use rules to components mapping (#10693)
  • Use distributed product properties (#10554)

New Rules and Profiles

  • Add modified audit suid privilege function rule for CIS (#10729)
  • Introduce CCN profiles for RHEL9 (#10860)
  • Introduce network access control rule (#10596)
  • New templated rule to remove iptables-services package (#10703)
  • RHCOS4 STIG: Cover controls that correspond to NIST AC (#10727)
  • Include new kickstart files for CCN profiles (#10863)

Updated Rules and Profiles

  • A change into sudoers_validate_passwd (#10861)
  • Add audit_rules_login_events_faillock to RHEL 8 STIG (#10816)
  • Add modified audit suid privilege function rule for CIS (#10729)
  • Add mount platforms (#10794)
  • Add platform package variables for firewalld and iptables (#10740)
  • Add warning to rsyslog_remote_tls_cacert (#10676)
  • add-rules sles-15-010418 sles-12-010498 (#10711)
  • Change rules related to /etc/shadow to check only local user configuration (#10838)
  • Deprecate account_emergency_expire_date (#10829)
  • ensure_pam_wheel_group_empty: depend on pam being installed (#10808)
  • Fix grub2 remediation instructions (#10717)
  • Fix of rule sudo_dedicated_group for sle 12/15 (#10689)
  • Fixes of cron package/service for SLE 12/15 (#10549)
  • Increase RHEL7 STIG Coverage (#10705)
  • Link api_server_encryption_provider_cipher with CIS 2.8 (#10494)
  • New applicability platform to check IPv6 state (#10830)
  • OCP4: Fix instructions of scc_limit_container_allowed_capabilities (#10798)
  • pam_faillock rules: show XCCDF variables in rule description (#10824)
  • Removal of package_libreswan_installed from SLE 12/15 profiles (#10696)
  • Remove quotes from journald config parameters (#10790)
  • service_apport_disabled: depend on apport being installed (#10805)
  • Set package_iptables_installed as machine only (#10804)
  • Set package_nftables_installed as machine only (#10803)
  • Set package_rng-tools_installed as machine only (#10810)
  • Switch from "use_pam_wheel_for_su" to "use_pam_wheel_group_for_su" for RHEL 8 and 9 (#10762)
  • Update of anssi profile for SLE 12/15 (#10702)
  • Update OL8 cjis profile (#10771)
  • Update OL8 hipaa profile (#10822)
  • Update RHEL 7 STIG to v3r11 (#10821)
  • Update RHEL 8 STIG to V1R10 (#10826)
  • update rule SLES-12-030250 (#10644)
  • Update SLE 12/15 rule and change package name (#10580)
  • Use opening parenthesis in the switch case condition of RHEL-08-020041 (#10472)
  • use_pam_wheel_group_for_su: depend on pam being installed (#10807)
  • Updates of the rule use_pam_wheel_group_for_su (#10714)

Changes in Remediations

  • Add a Playbook name to Ansible Playbooks (#10713)
  • Add remediations for rule network_sniffer_disabled (#10659)
  • configure_openssl_cryptopolicy: align remediations with rule description (#10828)
  • Fix in service_autofs_disabled - ansible (#10521)
  • Fix issue when adding fstab entries with iso9660 (#10572)
  • fix: use grep -E instead of deprecated egrep (#10643)
  • fixes in file_groupownership template (#10666)
  • macros: bash: Avoid matching comments in fstab macros (#10754)
  • Refactor Ansible remediation for dir_perms_world_writable_root_owned (#10839)
  • SLE Add rsyslog_remote_loghost dropin remediations (#10672)
  • SLE Coredump configuration support dropin remediation (#10604)
  • SLES15 use dropin configuration for issue banner (#10605)
  • Various fixes for Ubuntu (#10755)

Changes in Checks

  • enhance OVAL for enable_fips_mode (#10900)
  • Check only local users home directories (#10825)
  • Update sysctl template to check (and not fix) /usr/lib/sysctl.d directory (#10637)

Changes in the Infrastructure

  • .github/workflows/gate.yaml: Add anolis8 product. (#10814)
  • Add a sanity test of install_vm.py (#10684)
  • Add validation for Keys in Controls (#10813)
  • create_srg_export: Enable reading check and fix from controls even if they have rules listed (#10769)
  • Fix CMakelint (#10701)
  • Fix compare datastream check to correctly treat new line characters. (#10667)
  • Fix traceback in release helper (#10718)
  • Implement distributed product properties without applying them (#10648)
  • Stop using "imp" module (#10819)
  • utils: Add SRG to NIST control mapping for the OCP4 STIG (#10758)

Changes in the Test Suite

  • Add a test for rule journald_compress (#10818)
  • Add a test for rule journald_storage (#10817)
  • Add Automatus Testing (#10678)
  • Add SCAPVal to CTest (#10802)
  • Fix grep for Automatus sanity (#10752)
  • Fix install_vm.py on older versions of Python (#10651)
  • fix: ssg_test_suite: warning when rule not in benchmark (#10642)
  • Add requirements files for python dependencies (#10487)

Documentation

  • Add a section guiding through the process of rule divergence (#10763)
  • Add graphs to represent the life cycle of controls file (#1863
  • Integrate manpage with CMake better (#10624)
  • Move the most important links to a better place (#10745)
  • update list of contributors before stabilizing 0.1.69 (#10844)